Consider it taken care of.

Using SCOM to moniotor name resolution on a Kiosk or Schrodinger’s DNS

The Problem:I have a number of Kiosks that are going to be used by VIP’s and I have been asked to make sure that these kiosks are working properly and to proactively respond to failures. Our monitoring tool is SCOM 2007 R2. In this entry I will cover my attempt to monitor DNS name resolution.

The Process:
First I found that there is an existing monitor that does basically exactly what I want. Of course I know this becasue it didn’t work properly at first and thanks to Kevin Holman’s OpsMgr Blog I even got an answer. Now all I need to do is leverage this existing type and life will be grand. Little did I know I was about to enter the quantum world of management pack XML.

Using an excellent little powershell script from Boris Yanushpolsky I can open sealed MP’s and have a look. So I crack open Microsoft.Windows.DNSServer.2003 and Microsoft.Windows.DNSServer.Library and quickly find that the monitor type I am looking for is Microsoft.Windows.DNSServer.Library.NSLookupAvailability

I create my own empty management pack, and add the following reference

Then I export my new management pack and open it in the authoring console and basically copy everything from the monitor that I want to my new monitor. Since I want this monitor to only specific machines I have created a group with dynamic members to target this monitor at.

Some notes on Targeting:
You can’t target monitors, rules or tasks at dynamic groups. If you want all the gory details then thanks to Jakub and http://www.scom2k7.com/scom-2007-targeting/ but the bottom line is you have to pick an existing class that will be available everywhere. Best practice suggests that you pick the closest existing class that you can, don’t just pick windows computer for everything. The secret is to create whatever it is you are doing as disabled and then use an override to enable it based on the dynamic group you created.

So now that I have my targeting issues worked out I find that this monitor is not becoming active, initially I thought this was because of my targeting but now I needed some help. a call to Microsoft support teaches me a couple of things I will pass on here.

Within the DNS library we find the section <UnitMonitorType ID=”Microsoft.Windows.DNSServer.Library.NSLookupAvailability”

within this unit monitor type we find <ProbeAction ID=”Probe” TypeID=”Microsoft.Windows.DNSServer.Library.Probe.NSLookupTest.PropertyBag”> this links to another section <ProbeActionModuleType ID=”Microsoft.Windows.DNSServer.Library.Probe.NSLookupTest.PropertyBag” and within this section we finally have <ScriptName>NslookupAllTests.js</ScriptName>

Now that we know the actual script the will really do the work on the host is called NslookupAllTests.js then we can search for it in the library and tada there it is. Script: NslookupAllTests.js of this is about 2 lines below the propertybag but I wanted to show the progression in case someone else is tyring to figure out something similar.

Now I am no javascript expert by any means but the following few lines are pretty clear to me

//Check if DNS service is running. Abort script with a warning if it’s not.
if (!DNSServiceRunning())

so despite the fact that for this specific test the DNS server service does not need to be running or even installed there is a single script running for all the dns testing and it will not run unless the DNS service is running.

now I guess I could comment out these three lines reseal the management pack and cross my fingers but the risk to my existing monitors and dealing with the next MP upgrade is more than I want to deal with right now.

The Solution: NOT
Well unfortunately my development skills are haunting me today.
The final solution would be to create a new library based on Microsoft.Windows.DNSServer.Library, providing new monitor types complete with overrides and alter the underlying DNS NslookupAllTests.js script to do what I need. Unfortunately java script is not a language I have taken the time to get familiar with and beyond that the required XML to get the library and monitor working is just taking too long.

Plan B….. I will have to get back to everybody on that

The Solution : Finally

OK, so it was not 4000 lines it took only 953.

With some help from PSS and a lot of theft from the DNS library I have managed to create a management pack to monitor DNS resolution. The monitor is called DNS Resolution Check and falls under windows computer. It is disabled by default and will require that you either configure and enable it or simply create overrides. I also added an override for server so you could direct different clients at different DNS servers. The Server config \ override will take a series of IP addresses comma separated.

SCOM is an interesting tool, but the authoring console is sadly lacking. Something as simple as a name resolution test should be simple to create. I should not need 4000 lines of XML and JS to handle something this simple.

We should be able to use dynamic groups as Watcher Nodes for web and port monitors.